SteelHead products
| Product | Status | Fixed Release (expected release date) |
|---|---|---|
| SteelHead CX (appliance, virtual, cloud) | 8.6.1a, 8.6.0a, 8.5.2c | 8.6.2, 8.5.3c |
| SteelHead Interceptor | 4.5.0b, 4.5.0a | 4.5.1a |
| SteelCentral Controller for SteelHead | Not Vulnerable | |
| SteelCentral Controller for SteelHead Mobile | Not Vulnerable | |
- SRTP memory leak: not vulnerable. Neither the management console nor the optimization engine uses DTLS.
- “Poodle” attack: the various elements of SteelHead are individually considered below.
- Management interface: not vulnerable in the default configuration. SSL 3.0 is no longer the default protocol for the management interface on current software versions. To verify your setting, open the CLI, run “show web”, and look for “SSLv3 enabled: no”. You can disable it on current and prior versions with the command “no web ssl protocol sslv3”.
- Inner channel: not vulnerable. Secure peering uses TLSv1, which is immune to Poodle. A downgrade isn’t possible because the software never retries with lower TLS/SSL versions. The inner channel negotiation is always independent of whatever a client may attempt.
- Client connections: vulnerable. An attacker may force a client to downgrade from any TLS version to SSL 3.0. Note that this is confined to attackers on the LAN (internal) side of the SteelHead; attacks over the WAN aren’t possible. A fix for the vulnerable version of OpenSSL will be included in the next scheduled software release; this fix implements TLS_FALLBACK_SCSV to prevent downgrade attacks. Please check the download page for availability.
- Session ticket memory leak and Incomplete no-ssl3 build option: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
SteelCentral products
| Product | Status | Fixed release (expected release date) |
|---|---|---|
| AirPcap driver | Pending | |
| AppCapacity | Pending | |
| AppInternals | Pending | |
| AppMapper | Pending | |
| AppResponse | Pending | |
| AppSQL | Pending | |
| Dashboards | Pending | |
| Flow Gateway | Pending | |
| Modeler | Pending | |
| NetAuditor | Pending | |
| NetCollector | Pending | |
| NetExpress | Pending | |
| NetPlanner | Pending | |
| NetProfiler | Pending | |
| NetSensor | Pending | |
| NetShark | Vulnerable | |
| Packet Analyzer | Pending | |
| Portal | Pending | |
| Report Server | Pending | |
| Transaction Analyzer | Pending | |
| UCExpert | Pending | |
| WebAnalyzer | Pending | |
NetShark
- SRTP memory leak: vulnerable. NetShark does not use DTLS, but the version of OpenSSL shipping with NetShark is compiled with support for SRTP, so the memory leak is still possible. A fix will be included in the next scheduled software release. Please check the download page for availability.
- "Poodle" attack: vulnerable. The current workaround is to switch the software to FIPS mode, in which SSL 3.0 is not available. If the "NetProfiler Export" feature is enabled, ensure that all NetProfilers receiving the export reports also have been switched to FIPS mode. Riverbed is still investigating whether to completely disable SSL 3.0 in a future fix or turn it off in the default configuration but still permit customers to enable it if necessary.
- Session ticket memory leak: vulnerable. A fix will be included in the next scheduled software release. Please check the download page for availability.
- Incomplete no-ssl3 build option: vulnerable. The current workaround is to switch the software to FIPS mode, in which SSL 3.0 is not available. If the "NetProfiler Export" feature is enabled, ensure that all NetProfilers receiving the export reports also have been switched to FIPS mode. A fix will be included in the next scheduled software release. Please check the download page for availability.
AppResponse
- "Poodle" attack: AppResponse does not employ OpenSSL's server interface. However, a newer version without the vulnerability (openssl-1.0.1j) has been incorporated to simplify security audits of ARX devices.
Other products are currently under investigation.
SteelFusion products
| Product | Status | Fixed Release (expected release date) |
|---|---|---|
| SteelFusion Core (appliance, virtual) | Not Vulnerable | |
| SteelFusion Edge | Not Vulnerable | |
| SteelHead EX | 3.5.1a, 3.0.0, 3.1.2 | 3.1.3a, 3.1.0-mainline, 3.5.3a |
SD-WAN products
| Product | Status | Fixed Release (expected release date) |
|---|---|---|
| SteelCloud Manager | Not Vulnerable | |
| Gateway | Not Vulnerable | |
| Access Point | Not Vulnerable | |
| Switch | Not Vulnerable | |
Xirrus WiFi
Background
CVE-2014-3566, colloquially referred to as the “POODLE attack”, refers to a way to exploit the TLS-to-SSL fallback mechanism. The US Government National Vulnerability Database has rated the POODLE vulnerability as 4.3/10 for severity and “Medium” in terms of complexity, meaning it is not very severe and not very easy to exploit.
Transport Layer Security (TLS) and Secure Socket Layer (SSL) are security protocols used in client and server applications for securing communications. SSL 3.0 is an obsolete and relatively insecure protocol that has been replaced by its successors TLS 1.0, TLS 1.1 and TLS 1.2. To ensure a smooth user experience and backward compatibility, many applications implement a “protocol handshake” that allows the client and server to negotiate the latest protocol version supported by both sides. To work with legacy systems, many TLS clients implement a “downgrade dance”: they first offer the highest protocol version the client supports and, if that handshake fails, retry with earlier protocol versions. This downgrade can also be triggered by network glitches or by active attackers, who can maliciously cause the client to use SSL 3.0 and thereby exploit the vulnerabilities in it.
Disabling SSL 3.0 in the client, in the server, or in both eliminates the POODLE vulnerability. If either side supports only SSL 3.0, then the vulnerability exists. If disabling SSL 3.0 is not practical (in order to work with legacy systems), then the TLS_FALLBACK_SCSV mechanism (as documented in draft-ietf-tls-downgrade-scsv-00) must be implemented.
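The following is an added illustration, not code from Riverbed, Xirrus or the draft itself: a small Python model of the “downgrade dance” described above, of the TLS_FALLBACK_SCSV check that the SteelHead fix mentioned earlier relies on, and of the two outcomes the advisory calls out (SCSV stops an unnecessary fallback against a TLS-capable server, but cannot help when one side supports only SSL 3.0). Version numbers, the SCSV value and the alert name follow the draft; the network path and the attacker are modelled as a plain function that says whether a given handshake reaches the server.

```python
# Model of the TLS "downgrade dance" and the TLS_FALLBACK_SCSV countermeasure
# from draft-ietf-tls-downgrade-scsv. Constructed simulation for illustration:
# no sockets, no real TLS records, and no vendor code is involved.
SSL3, TLS10, TLS11, TLS12 = 0x0300, 0x0301, 0x0302, 0x0303
TLS_FALLBACK_SCSV = 0x5600       # signalling cipher suite value from the draft
AES128_SHA = 0x002F              # an ordinary cipher suite, present for realism

class InappropriateFallback(Exception):
    """Server-side fatal alert 'inappropriate_fallback' defined by the draft."""

def server_hello(server_max, client_version, cipher_suites):
    """Server-side negotiation. If the ClientHello carries the SCSV but offers a
    version below the highest one this server supports, the client must have
    fallen back unnecessarily (a glitch or an active attacker), so abort."""
    if TLS_FALLBACK_SCSV in cipher_suites and client_version < server_max:
        raise InappropriateFallback
    return min(server_max, client_version)

def downgrade_dance(client_versions, server_max, handshake_reaches_server, send_scsv):
    """Client-side fallback loop: offer the highest version first; if that
    handshake fails, retry with the next lower one. handshake_reaches_server(v)
    models the network path (False = handshake lost or dropped by an attacker).
    Returns the negotiated version, or None if the connection was abandoned."""
    for attempt, version in enumerate(sorted(client_versions, reverse=True)):
        suites = [AES128_SHA]
        if send_scsv and attempt > 0:          # the SCSV is only added on a retry
            suites.append(TLS_FALLBACK_SCSV)
        if not handshake_reaches_server(version):
            continue                            # the "dance": try a lower version
        try:
            return server_hello(server_max, version, suites)
        except InappropriateFallback:
            return None                         # refuse rather than run SSL 3.0
    return None                                 # every offered version failed

if __name__ == "__main__":
    modern = {SSL3, TLS10, TLS11, TLS12}
    # An active attacker on the path drops every handshake above SSL 3.0.
    attacker_drops_tls = lambda v: v == SSL3
    print("no SCSV, attacker   :", hex(downgrade_dance(modern, TLS12, attacker_drops_tls, False)))  # 0x300
    print("SCSV, attacker      :", downgrade_dance(modern, TLS12, attacker_drops_tls, True))        # None
    # A legacy server that only speaks SSL 3.0 (and fails on TLS ClientHellos):
    # the SCSV cannot help, as the advisory notes.
    legacy_server_path = lambda v: v == SSL3
    print("SCSV, SSL3-only srv :", hex(downgrade_dance(modern, SSL3, legacy_server_path, True)))    # 0x300
    # A client with SSL 3.0 disabled: the attacker can only cause a failure.
    print("SSL3 disabled       :", downgrade_dance(modern - {SSL3}, TLS12, attacker_drops_tls, True))  # None
```

The same model also shows the cost of the SCSV that the draft accepts: a transient failure of the first handshake against an honest TLS 1.2 server makes the retry carry the SCSV, and the server then aborts instead of silently accepting a lower version.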
What must be done to clients (laptops, tablets, phones, etc.) to remediate this issue?
Various browsers, web applications and mobile applications commonly use TLS and SSL. Check with the vendors for specific applications on steps to address this vulnerability.
What server side actions can be taken to remediate this issue?
Most web servers that secure communications support TLS and/or SSL. Please check with your specific web server vendors on steps to address this vulnerability.
Which Xirrus products are affected?
The following table summarizes the Xirrus products affected and the plan to address this vulnerability.
| Product affected | Version this will be addressed in |
|---|---|
| XR APs 500/600/1K/2K/4K/6K/7K | AOS version 7.2 – Dec 2014 |
| XN modular APs | AOS version 6.4.8 – Dec 2014 |
| XMS-Enterprise | Version 7.2 – Dec 2014 |
| XMS-Cloud | Version 8.4 – Nov 2014 |
| XMS-Enterprise in the Cloud | Version 7.2 – Dec 2014 |
| Xirrus Wi-Fi Designer-Cloud | Version 1.6 – Dec 2014 |
Xirrus holds the security of our customers in the highest regard. Should you have any other questions or concerns about this vulnerability, please contact Xirrus Support at support@xirrus.com or via telephone at one of the following numbers:
| Region | Telephone |
|---|---|
| United States and Canada | +1.800.947.7871 (US Toll Free) or +1.805.262.1600 (Direct) |
| Europe, Middle East, and Africa | +44.20.3239.8644 |
| Australia | 1.300.947.787 (Within Australia) |
| Asia and Oceania | +61.2.8006.0622 |
| Latin, Central, and South America | +1.805.262.1600 |